diff --git a/CHANGES b/CHANGES
index 20918958db..ddc6d6d41f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4077.	[test]		Add static-stub regression test for DS NXDOMAIN
+			return making the static stub disappear. [RT #38564]
+
 4076.	[bug]		Named could crash on shutdown with outstanding
 			reload / reconfig events. [RT #38622]
 
diff --git a/bin/tests/system/staticstub/clean.sh b/bin/tests/system/staticstub/clean.sh
index 1127a4b70a..f9d8b034c5 100755
--- a/bin/tests/system/staticstub/clean.sh
+++ b/bin/tests/system/staticstub/clean.sh
@@ -14,16 +14,17 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
+rm -f dig.out.*
+rm -f ns*/named.lock
+rm -f ns2/named.conf
+rm -f ns3/example.db
+rm -f ns3/named.conf
+rm -f ns3/undelegated.db
+rm -f ns4/sub.example.db
+rm -f ns?/named.memstats
+rm -f ns?/named.run
+rm -f ns?/named_dump.db
 rm -rf */*.signed
 rm -rf */K*
 rm -rf */dsset-*
 rm -rf */trusted.conf
-rm -f ns?/named.run
-rm -f ns?/named.memstats
-rm -f ns?/named_dump.db
-rm -f ns2/named.conf
-rm -f ns3/named.conf
-rm -f ns3/example.db
-rm -f ns4/sub.example.db
-rm -f dig.out.*
-rm -f ns*/named.lock
diff --git a/bin/tests/system/staticstub/ns2/named.conf.in b/bin/tests/system/staticstub/ns2/named.conf.in
index 75f062267a..fbab9a2ce0 100644
--- a/bin/tests/system/staticstub/ns2/named.conf.in
+++ b/bin/tests/system/staticstub/ns2/named.conf.in
@@ -66,3 +66,8 @@ zone "example.info" {
 	type static-stub;
 	server-addresses { ::1; }; #ns4
 };
+
+zone "undelegated" {
+	type static-stub;
+	server-addresses { 10.53.0.3; };
+};
diff --git a/bin/tests/system/staticstub/ns3/named.conf.in b/bin/tests/system/staticstub/ns3/named.conf.in
index 8c1c78b22b..fa56e3b2b2 100644
--- a/bin/tests/system/staticstub/ns3/named.conf.in
+++ b/bin/tests/system/staticstub/ns3/named.conf.in
@@ -57,3 +57,8 @@ zone "example.org" {
 	type master;
 	file "example.org.db";
 };
+
+zone "undelegated" {
+	type master;
+	file "undelegated.db.signed";
+};
diff --git a/bin/tests/system/staticstub/ns3/sign.sh b/bin/tests/system/staticstub/ns3/sign.sh
index fb3c762cbe..4c970ec3f7 100755
--- a/bin/tests/system/staticstub/ns3/sign.sh
+++ b/bin/tests/system/staticstub/ns3/sign.sh
@@ -42,4 +42,24 @@ trusted-keys {
 };
 EOF
 ' > trusted.conf
+
+zone=undelegated
+infile=undelegated.db.in
+zonefile=undelegated.db
+keyname1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 1024 -n zone $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 2048 -f KSK -n zone $zone`
+cat $infile $keyname1.key $keyname2.key > $zonefile
+
+$SIGNER -g -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
+
+cat $keyname2.key | grep -v '^; ' | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+trusted-keys {
+    "$dn" $flags $proto $alg "$key";
+};
+EOF
+' >> trusted.conf
+
 cp trusted.conf ../ns2/trusted.conf
diff --git a/bin/tests/system/staticstub/ns3/undelegated.db.in b/bin/tests/system/staticstub/ns3/undelegated.db.in
new file mode 100644
index 0000000000..25a29fa0d2
--- /dev/null
+++ b/bin/tests/system/staticstub/ns3/undelegated.db.in
@@ -0,0 +1,26 @@
+; Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+$TTL 300	; 5 minutes
+undelegated.		IN SOA	ns3.undelegated. hostmaster.undelegated. (
+				2010080900 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+undelegated.		NS	ns3.undelegated.
+undelegated.		A	10.53.0.4
+undelegated.		AAAA	::1
+ns3.undelegated.		A	10.53.0.3
diff --git a/bin/tests/system/staticstub/tests.sh b/bin/tests/system/staticstub/tests.sh
index 603e748809..f718b1ce1d 100755
--- a/bin/tests/system/staticstub/tests.sh
+++ b/bin/tests/system/staticstub/tests.sh
@@ -203,5 +203,15 @@ grep "2nd example org data" dig.out.ns2.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo "I:checking static-stub of a undelegated tld resolves after DS query ($n)"
+ret=0
+$DIG undelegated. @10.53.0.2 ds -p 5300 > dig.out.ns2.ds.test$n
+$DIG undelegated. @10.53.0.2 soa -p 5300 > dig.out.ns2.soa.test$n
+grep "status: NXDOMAIN" dig.out.ns2.ds.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns2.soa.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status